diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 28625bad05..eb267f31f0 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=d PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch new file mode 100644 index 0000000000..6c7143dd7e --- /dev/null +++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch @@ -0,0 +1,56 @@ +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -22,6 +22,53 @@ oid_section = new_oids + # (Alternatively, use a configuration file that has only + # X.509v3 extensions in its main [= default] section.) + ++openssl_conf=openssl_conf ++ ++[openssl_conf] ++engines=engines ++ ++[engines] ++# To enable an engine, install the package, and uncomment it here: ++#devcrypto=devcrypto ++#afalg=afalg ++#padlock=padlock ++ ++[afalg] ++default_algorithms = ALL ++ ++[devcrypto] ++# Leave this alone and configure algorithms with CIPERS/DIGESTS below ++default_algorithms = ALL ++ ++# Configuration commands: ++# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a ++# list of supported algorithms, along with their driver, whether they ++# are hw accelerated or not, and the engine's configuration commands. ++ ++# USE_SOFTDRIVERS: specifies whether to use software (not accelerated) ++# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use ++# if acceleration can't be determined) [default=2] ++#USE_SOFTDRIVERS = 2 ++ ++# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to ++# enable [default=ALL] ++# It is recommended to disable the ECB ciphers; in most cases, it will ++# only be used for PRNG, in small blocks, where performance is poor, ++# and there may be problems with apps forking with open crypto ++# contexts, leading to failures. The CBC ciphers work well: ++#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC ++ ++# DIGESTS: either ALL, NONE, or a comma-separated list of digests to ++# enable [default=NONE] ++# It is strongly recommended not to enable digests; their performance ++# is poor, and there are many cases in which they will not work, ++# especially when calling fork with open crypto contexts. Openssh, ++# for example, does this, and you may not be able to login. ++#DIGESTS = NONE ++ ++[padlock] ++default_algorithms = ALL ++ + [ new_oids ] + + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.